Reporter

Android phone users could be at risk of having their bank and personal information stolen, as cybersecurity experts have uncovered a string of dangerous apps.

Tech security firm ESET revealed the long list of apps – and while they have all now been removed from Google Play store, almost 30,000 users already have them installed.

Trojan security threat

Unlike apps which rely on impersonating legitimate banks, these apps are much more sophisticated and can target any applications on a user’s phone once installed, according to ESET.

The dangerous apps are disguised as device boosters and cleaners, daily horoscopes and battery managers, but they are actually complex hacking tools.

The apps have the capability to intercept and redirect text messages and calls, bypassing the SMS-based two-factor authentication, and can download and install other apps on the compromised device.

The ability to send and receive texts from a user’s device makes it possible to hackers to gain access to almost any of their personal web accounts, putting the likes of banking and social media accounts under threat.

How do the apps work?

When the apps are launched, they will display an error message which claims they have been removed due to incompatibility with a user’s device.

The app will then hide itself from view, or sometimes appear to function normally.

While the app seems to be working, the malicious functionality is hidden behind the scenes allowing it send and read text messages, download and install other applications, and, worst of all, impersonate other apps on a device.

“This is achieved by obtaining the HTML code of the apps installed on the device and using that code to overlay legitimate apps with bogus forms once the legitimate apps are launched, giving the victim very little chance to notice something is amiss”, ESET’s Lukas Stefanko explained.